This is an archive of the discontinued LLVM Phabricator instance.

Differential D52750

[Diagnostics] Check for integer overflow in array size expressions
ClosedPublic

Authored by xbolva00 on Oct 1 2018, 2:27 PM.

Details

Reviewers
rsmith
Rakete1111
Commits
rG3b6ae57654a5: [Diagnostics] Check for integer overflow in array size expressions
rC344759: [Diagnostics] Check for integer overflow in array size expressions
rL344759: [Diagnostics] Check for integer overflow in array size expressions
Summary

Fixes PR27439

Diff Detail

Repository
rC Clang

Event Timeline

xbolva00 created this revision.Oct 1 2018, 2:27 PM
Herald added a subscriber: cfe-commits. · View Herald TranscriptOct 1 2018, 2:27 PM
xbolva00 added a comment.Oct 1 2018, 2:36 PM

Seems it crashes with test suite. Looking at it.

xbolva00 updated this revision to Diff 167835.Oct 1 2018, 2:44 PM

Fixed crash

rsmith added a comment.Oct 1 2018, 2:52 PM

We're going to try evaluating the array size anyway (in isArraySizeVLA). It would be much better to produce the overflow warnings as part of that evaluation rather than adding an extra evaluation step to produce them.

xbolva00 updated this revision to Diff 167840.Oct 1 2018, 3:07 PM
  • Move code as suggested
rsmith added a comment.Oct 1 2018, 3:13 PM

This is still evaluating the expression twice. To evaluate it only once, you'll need to sink the checks into Sema::VerifyIntegerConstantExpression's call to EvaluateKnownConstInt. (That should also remove the redundant diagnostics noise in the language modes where signed overflow renders an expression non-constant.)

xbolva00 added a comment.Oct 1 2018, 5:09 PM

I have not found a way yet since EvaluateForOverflow returns nothing so I don't know how to check whether there was overflow or not.

Uploaded alternative patch which passes test suite and has no double warning issue.

xbolva00 updated this revision to Diff 167857.Oct 1 2018, 5:10 PM
xbolva00 updated this revision to Diff 167858.

fixed extra new line

xbolva00 added inline comments.Oct 2 2018, 4:22 AM
lib/Sema/SemaType.cpp
2231

@rsmith what about this place for check?

xbolva00 added a comment.Oct 6 2018, 2:27 AM

Ping :)

Rakete1111 added a subscriber: Rakete1111.Oct 6 2018, 10:47 AM
Rakete1111 added inline comments.
lib/Sema/SemaType.cpp
2232

What's up with this statement? Why is it needed? This won't handle overflows for unary expression for example.

xbolva00 added inline comments.Oct 6 2018, 10:58 AM
lib/Sema/SemaType.cpp
2232

Ok, I should use Sema::CheckForIntOverflow

But anyway, CheckForIntOverflow does not care about UnaryOperator either currently :)

xbolva00 updated this revision to Diff 168575.Oct 6 2018, 11:03 AM
  • Use Sema::CheckForIntOverflow
xbolva00 added inline comments.Oct 6 2018, 11:07 AM
lib/Sema/SemaType.cpp
2232

Anyway, the negative array size is handled a few lines above.

xbolva00 added a comment.Oct 11 2018, 3:08 AM

@Rakete1111 plesse take a look :)

Rakete1111 added a comment.Oct 11 2018, 3:35 AM

The array size is still evaluated twice. Try to incorporate the check in Sema::VerifyIntegerConstantExpression.

xbolva00 added a comment.Oct 11 2018, 4:12 AM

Thanks!

But I think I need to change EvaluateForOverflow method to return bool to indicate overflowing.

Rakete1111 added a comment.Oct 11 2018, 4:36 AM

Nah, you don't even need to call EvaluateForOverflow I believe. :) Have a look overflow evaluation is done.

xbolva00 added a comment.Oct 11 2018, 1:49 PM
In D52750#1261746, @Rakete1111 wrote:

Nah, you don't even need to call EvaluateForOverflow I believe. :) Have a look overflow evaluation is done.

Well..

if (!getLangOpts().CPlusPlus11 && E->isIntegerConstantExpr(Context)) {
  if (Result) {
    *Result = E->EvaluateKnownConstInt(Context); // here

}

and
char a[2147483642 * 3];

Result->getBitWidth() reports 32. I don't know how to detect there if overflow or not :/ I have already spent some time to solve this, but still no good solution. Possibly I would abandon this patch.

rsmith added inline comments.Oct 11 2018, 3:45 PM
lib/Sema/SemaType.cpp
2231

This is still evaluating the expression twice. To avoid that, you need to change the existing code that calls the evaluator to ask it to produce overflow warnings as a side-effect rather than adding a new call to CheckForIntOverflow.

xbolva00 updated this revision to Diff 169407.Oct 12 2018, 8:16 AM
  • check for overflow when evaluating
xbolva00 updated this revision to Diff 169408.Oct 12 2018, 8:17 AM
xbolva00 updated this revision to Diff 169409.
  • Undo extra newline
Rakete1111 added a comment.Oct 12 2018, 8:30 AM

This doesn't produce a warning in C++11 and up.

xbolva00 added a comment.EditedOct 12 2018, 8:35 AM
In D52750#1263461, @Rakete1111 wrote:

This doesn't produce a warning in C++11 and up.

But see Richard's comment: https://reviews.llvm.org/D52750#125175 so I am not sure :/

Rakete1111 added a comment.Oct 12 2018, 8:39 AM
In D52750#1263466, @xbolva00 wrote:
In D52750#1263461, @Rakete1111 wrote:

This doesn't produce a warning in C++11 and up.

But see Richard's comment: https://reviews.llvm.org/D52750#125175 so I am not sure :/

I guess I can see why it makes sense to suppress the warning in those cases. Sorry.

xbolva00 added a comment.Oct 12 2018, 8:46 AM

That's fine :) btw, thanks for review comments!

Hopefully, this solution would be now acceptable :)

rsmith added a comment.Oct 12 2018, 6:28 PM

Yeah, this looks better.

Though this really highlights that the "warn on undefined behavior" behavior of the constant evaluator should be orthogonal to the evaluation mode... we don't really need/want to evaluate past a side-effect or non-constant expression here.

xbolva00 added a comment.Oct 13 2018, 12:09 AM
This comment was removed by xbolva00.
xbolva00 added a comment.Oct 16 2018, 3:23 PM

Reping :)

xbolva00 added a reviewer: Rakete1111.Oct 18 2018, 7:56 AM
rsmith accepted this revision.Oct 18 2018, 1:03 PM

We can leave the cleanup of the expression evaluator to another change.

This revision is now accepted and ready to land.Oct 18 2018, 1:03 PM
Closed by commit rL344759: [Diagnostics] Check for integer overflow in array size expressions (authored by xbolva00). · Explain WhyOct 18 2018, 1:51 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: llvm-commits. · View Herald TranscriptOct 18 2018, 1:51 PM

Revision Contents

PathSize
lib/
Sema/
2 lines
test/
Sema/
3 lines

Diff 167834

lib/Sema/SemaType.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,076 Lines▼ Show 20 Lines
/// \param Entity The name of the entity that involves the array /// \param Entity The name of the entity that involves the array
/// type, if known. /// type, if known.
/// ///
/// \returns A suitable array type, if there are no errors. Otherwise, /// \returns A suitable array type, if there are no errors. Otherwise,
/// returns a NULL type. /// returns a NULL type.
QualType Sema::BuildArrayType(QualType T, ArrayType::ArraySizeModifier ASM, QualType Sema::BuildArrayType(QualType T, ArrayType::ArraySizeModifier ASM,
Expr *ArraySize, unsigned Quals, Expr *ArraySize, unsigned Quals,
SourceRange Brackets, DeclarationName Entity) { SourceRange Brackets, DeclarationName Entity) {
ArraySize->EvaluateForOverflow(Context);
SourceLocation Loc = Brackets.getBegin(); SourceLocation Loc = Brackets.getBegin();
if (getLangOpts().CPlusPlus) { if (getLangOpts().CPlusPlus) {
// C++ [dcl.array]p1: // C++ [dcl.array]p1:
// T is called the array element type; this type shall not be a reference // T is called the array element type; this type shall not be a reference
// type, the (possibly cv-qualified) type void, a function type or an // type, the (possibly cv-qualified) type void, a function type or an
// abstract class type. // abstract class type.
// //
// C++ [dcl.array]p3: // C++ [dcl.array]p3:
▲ Show 20 LinesShow All 129 Lines▼ Show 20 Lines if (ConstVal == 0) {
// Is the array too large? // Is the array too large?
unsigned ActiveSizeBits unsigned ActiveSizeBits
= ConstantArrayType::getNumAddressingBits(Context, T, ConstVal); = ConstantArrayType::getNumAddressingBits(Context, T, ConstVal);
if (ActiveSizeBits > ConstantArrayType::getMaxSizeBits(Context)) { if (ActiveSizeBits > ConstantArrayType::getMaxSizeBits(Context)) {
Diag(ArraySize->getBeginLoc(), diag::err_array_too_large) Diag(ArraySize->getBeginLoc(), diag::err_array_too_large)
<< ConstVal.toString(10) << ArraySize->getSourceRange(); << ConstVal.toString(10) << ArraySize->getSourceRange();
return QualType(); return QualType();
} }
} }
xbolva00AuthorUnsubmitted
Not Done
ReplyInline Actions

@rsmith what about this place for check?

xbolva00: @rsmith what about this place for check?
rsmithUnsubmitted
Not Done
ReplyInline Actions

This is still evaluating the expression twice. To avoid that, you need to change the existing code that calls the evaluator to ask it to produce overflow warnings as a side-effect rather than adding a new call to CheckForIntOverflow.

rsmith: This is still evaluating the expression twice. To avoid that, you need to change the existing…
Rakete1111Unsubmitted
Not Done
ReplyInline Actions

What's up with this statement? Why is it needed? This won't handle overflows for unary expression for example.

Rakete1111: What's up with this statement? Why is it needed? This won't handle overflows for unary…
xbolva00AuthorUnsubmitted
Not Done
ReplyInline Actions

Ok, I should use Sema::CheckForIntOverflow

But anyway, CheckForIntOverflow does not care about UnaryOperator either currently :)

xbolva00: Ok, I should use Sema::CheckForIntOverflow But anyway, CheckForIntOverflow does not care about…
xbolva00AuthorUnsubmitted
Not Done
ReplyInline Actions

Anyway, the negative array size is handled a few lines above.

xbolva00: Anyway, the negative array size is handled a few lines above.
T = Context.getConstantArrayType(T, ConstVal, ASM, Quals); T = Context.getConstantArrayType(T, ConstVal, ASM, Quals);
} }
// OpenCL v1.2 s6.9.d: variable length arrays are not supported. // OpenCL v1.2 s6.9.d: variable length arrays are not supported.
if (getLangOpts().OpenCL && T->isVariableArrayType()) { if (getLangOpts().OpenCL && T->isVariableArrayType()) {
Diag(Loc, diag::err_opencl_vla); Diag(Loc, diag::err_opencl_vla);
return QualType(); return QualType();
} }
▲ Show 20 LinesShow All 5,920 LinesShow Last 20 Lines

test/Sema/integer-overflow.c

Show First 20 LinesShow All 166 Lines▼ Show 20 Lines
// expected-warning@+2 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+2 {{overflow in expression; result is 536870912 with type 'int'}}
uint64_t (*f0_ptr)(uint64_t) = &f0; uint64_t (*f0_ptr)(uint64_t) = &f0;
(void)(*f0_ptr)(4608 * 1024 * 1024); (void)(*f0_ptr)(4608 * 1024 * 1024);
// expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}} // expected-warning@+1 {{overflow in expression; result is 536870912 with type 'int'}}
(void)f2(0, f0(4608 * 1024 * 1024)); (void)f2(0, f0(4608 * 1024 * 1024));
} }
void check_integer_overflows_in_array_size() {
int arr[4608 * 1024 * 1024]; // expected-warning {{overflow in expression; result is 536870912 with type 'int'}}
}
struct s { struct s {
unsigned x; unsigned x;
unsigned y; unsigned y;
} s = { } s = {
.y = 5, .y = 5,
.x = 4 * 1024 * 1024 * 1024 // expected-warning {{overflow in expression; result is 0 with type 'int'}} .x = 4 * 1024 * 1024 * 1024 // expected-warning {{overflow in expression; result is 0 with type 'int'}}
}; };
Show All 20 Lines